Securing from exploits using information theoretical techniques

The creation of completely secure software currently seems like a mere pipe dream. The more vigorously we can test software, the greater confidence we can have that it is indeed secure. Testing on all possible inputs however, is generally intractable.

Our research focuses on exploring information theoretical techniques and their application to testing. These techniques may provide valuable information regarding how best to test, and when it is safe to stop. By using information theory we may shed light on the most effective program paths on which to run tests, and how to generate he most effective test set.

Secure and well tested software eliminates many of the opportunities available for attackers to exploit. We also consider the point at which attackers will give up and the software has become safe by design. In this we must consider the modus operandi of the attackers, and assuming they are rational agents, at what point their cost/benefit analysis will prove unrewarding enough to consider the target unprofitable.